Link to home
Start Free TrialLog in
Avatar of Toya G
Toya G

asked on

Ignoring Disabled Group Members in LDAP Java Query

I have a java ldap query where I pull all users that exist in a group. However, I now need to filter out disabled accounts. How do I modify my search to exclude disabled users?

Below is my current java ldap query.

    private LdapContext getTM1users(MbElement parser) throws FileNotFoundException, SQLException, IOException, MbException, NamingException
      {
            LdapContext ctx = null;
            MbElement start = null;
            Attributes attrs = null;
            NamingEnumeration answer = null;
            String group = null;
            String location = null;
            
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "Factory");
        env.put(Context.SECURITY_AUTHENTICATION, "Simple");
        env.put(Context.SECURITY_PRINCIPAL, "UserID");
        env.put(Context.SECURITY_CREDENTIALS, "Password");
        env.put(Context.PROVIDER_URL, "ldapURL");
       
        ctx = new InitialLdapContext(env, null);
            SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String[] attrIDs = {"sAMAccountName"};
        constraints.setReturningAttributes(attrIDs);
       
        Hashtable<String, String> ht = new Hashtable<String, String>();
            ht.put("Agent_Comm", "Agent_Comm");
            ht.put("Elec_Finance", "Elec_Finance");
            ht.put("Freight", "Freight");
            ht.put("Vids", "Vids");
            
            Set<String> keys = ht.keySet();
            
            for(String key : keys)
            {
                  group = ht.get(key);
                  location = key;
       
                  answer = ctx.search("DC=ads,DC=abc,DC=com", "memberOf=CN=" + group + ",OU=ADM,OU=ABC,DC=ads,DC=abc,DC=com", constraints);
                  while (answer.hasMore())
                  {
                        attrs = ((SearchResult) answer.next()).getAttributes();
                        start = parser.createElementAsFirstChild(MbElement.TYPE_NAME, "user", null);
                        start.createElementAsFirstChild(MbElement.TYPE_NAME_VALUE, "userid",attrs.get("sAMAccountName").toString().trim());
                        start.createElementAsFirstChild(MbElement.TYPE_NAME_VALUE, "location", location);                        
                  }
            }
        return ctx;
    }
Avatar of Ravi Kiran Reddy Katkuri
Ravi Kiran Reddy Katkuri
Flag of Australia image
Hi,
Please replace your search criteria code with below  

answer = ctx.search("DC=ads,DC=abc,DC=com", "memberOf=CN=" + group + ",OU=ADM,OU=ABC,DC=ads,DC=abc,DC=com (&(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", constraints);

Thanks,
Ravi Katkuri
Avatar of Toya G
Toya G

ASKER

Thanks Ravi. However, that solution did not pull back any members, although members exist.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.